Changes between Version 53 and Version 54 of BluePrintAuthenticationAccess


Timestamp: 05/11/09 10:46:16 (16 years ago)
Author: Fran Boon
Comment: Authorization implementation

  • BluePrintAuthenticationAccess

    v53 v54  
    5858 * DeveloperGuidelinesAuthenticationAccess
    5959
    60 There are 2 modes for Authorisation right now:[[BR]]
    61  * simple: Anonymous access is currently granted for all Read operations, with Create/Update/Delete requiring a user to be Authenticated
    62  * full: Uses Web2Py's Role-Based Access Control for table-level control (can be separated for C/R/U/D)
    63  * Record-level security to be integrated: http://groups.google.com/group/web2py/browse_thread/thread/e4b54f08ec6b66f9
     60There are 3 modes for Authorisation right now:[[BR]]
     61 * simple:
     62  * Anonymous access is currently granted for all Read operations
     63  * Create/Update/Delete requiring a user to be Authenticated
     64 * table:
     65  * Uses Web2Py's Role-Based Access Control for table-level control (can be separated for C/R/U/D)
     66 * record:
     67  * Uses Web2Py's Role-Based Access Control for record-level control (can be separated for C/R/U/D): http://groups.google.com/group/web2py/browse_thread/thread/e4b54f08ec6b66f9
    6468
    65 NB 'full' mode requires each permission to be explicitly granted, so we default to having all registered users as 'Readers' & only 'Administrators' being able to Create/Update/Delete. Administrators can manually add other users to 'Editors' if-required.[[BR]]
     69NB 'table' & 'record' modes requires each permission to be explicitly granted.[[BR]]
     70For 'table' mode, we default to having all registered users as 'Readers' & only 'Administrators' being able to Create/Update/Delete. Administrators can manually add other users to 'Editors' if-required.[[BR]]
    6671Modules can provide further restrictions in {{{models/zzz.py}}}
     72
     73'record' mode currently has no framework support to ease administration & hence isn't yet recommended.
    6774
    6875Whether a user is authorised or not is defined using {{{has_permission()}}} in {{{models/__db.py}}} & called by the [wiki:BluePrintREST RESTlike controller]
    6976
    70 We use {{{sahana_group}}} table for Roles & {{{sahana_membership}}} to show which roles a user has.
     77We use {{{auth_group}}} table for Roles & {{{auth_membership}}} to show which roles a user has.
    7178 * admin role initialised in {{{_db.py}}}
    7279 * 1st user to register gets Administrator role
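
Review bot: At added lines 66-67 and 69-70, 'record' mode is listed as one of the three available modes and is said to need every permission explicitly granted, but only 'table' mode has its defaults spelled out (registered users as 'Readers', only 'Administrators' able to Create/Update/Delete). Please state what a user gets in 'record' mode on a record that has no explicit grant, and move the caveat from line 73 ("currently has no framework support to ease administration & hence isn't yet recommended") into the record bullet, so the warning sits next to the option it applies to. Smaller points: line 69 should read "modes require" rather than "modes requires", and the unchanged context names the file as {{{models/__db.py}}} on line 75 but {{{_db.py}}} on line 78, which is worth making consistent while this section is being edited.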